BS, his job is to find security holes, he surely spend plenty of time to find this one, saying that he did this in x or y second for sensationalism does not make any sense as he had tested before if the exploit works. The only thing that he needed was someone to click where he wanted it.

I said that he had cracked Safari within seconds of the competition. This is 100% fact, and there's nothing sensationalistic about it. It would be sensationalism if I had written something like "Safari Cracked within Seconds, Apple Most Insecure Company EVARR!!!"

But I didn't. This article is simply a lineup of facts. Like it or not. As usual, you are trying to shoot the messenger.

You make is it sound that Safari fell first and therefore it is less secure but the fact is that IE or Firefox fell exactly in the same manner, regardless who performed the exploit first.

Why is it always the messenger shooting with you Apple folk? I didn't say ANYTHING about who is less secure than the other! You are just making stuff up now.

This is a simple listing of facts of how the contest went. That's all. I can't help it that your pet company's browser was the first to fall again. Only with Apple fans can journalists/bloggers be blamed for a possible Cupertino screw up.

Humm, the flaw in Safari is probably in webkit, Chrome is probably also affected.

Thom, your reading comprehension is too low to catch this fact mentioned in the article:
He went out of his way to test the exploit before the contest to make sure it would work every time.

In other words, he did not pwn Safari on the spur of the moment in a few seconds! He went to the contest with a known-good exploit that was well-tested long before he ever walked in the door.

That being said, I'd truly love to know exactly what control over the machine he had as a result of that, as the ZDNet article is rather vague beyond stating that. I'm imagining that unless he got the user to enter their password, it wasn't quite as "total" as stated: if you can't enter the password for certain things, or do something to configure things such that you don't need it, it isn't truly total control over the machine, but it can still at least be very damaging to that user's accounts.

He went out of his way to test the exploit before the contest to make sure it would work every time.

Well, it's quite possible the other guys had also prepared for the browsers they worked on.

That being said, I'd truly love to know exactly what control over the machine he had as a result of that, as the ZDNet article is rather vague beyond stating that.

Yeah, I was also wondering how he got control over the machine from the browser. Running code, sure, but that would still only be under the user account.
Then again, having "root" isn't what most malware is interested in anyway.

but it can still at least be very damaging to that user's accounts.

Aside from not being able to change system files and configurations it can still be quite damaging. You can still run botnets from a user account, for example.